Sourced Group is an AWS Premium Consulting Partner. It enables its customers and internal teams to learn about AWS services and tools in various ways. One of the ways is to conduct an immersion day on a specific AWS subject.
Last month I was fortunate to deliver Immersion Day for Sourced Group ANZ regional team on the AWS Control Tower topic.
AWS Immersion Day workshops are in-person or virtual workshops that AWS Solutions Architects created to help customers and partners walk through different Amazon Web Services (AWS) areas. This in-depth approach helps technical experts learn how to best leverage the AWS platform to unlock business potential and meet critical objectives. The timing of workshops varies between half-day and full-day sessions.
Control Tower is an AWS-managed service that provides the easiest way to set up and govern a new, secure, multi-account AWS environment based on best practices established through AWS’s experience working with thousands of enterprises moving to the cloud. You can learn more about AWS Control Tower service on my other blog here.
Usually, customers have to bring their master account for Control Tower Immersion day. AWS Partner Solution Architect can help us with AWS-created accounts for all other Immersion Days.
To keep things simple and move quickly, we provisioned the Master AWS accounts and associated email addresses and aliases for each participant and handed them over a week in advance. We used our credit card for the master account creation and got it reimbursed lately.
To save time on the Immersion day, we advised the participants to deploy the AWS Control Tower a week before. We shared the Control Tower deployment video with the team to assist with the deployment.
Because of the Covid19 restrictions, we decided to run it as a virtual event and used Microsoft Teams. We started the day with an hour-long presentation to give the participants an AWS Control Tower service briefing.
Later we deep-dived into the AWS Control Tower service topics backed with hands-on labs on various topics like
Account Vending – Enrolling a new or existing AWS account.
Service Catalogue to create VPCs in a multi-account environment.
Centralized Identity and Access management using AWS SSO and AWS Organizations.
Governance – Enabled Guardrails (SCPs, config Rules) on OUs.
Adding Customizations to Control Tower with Customization Pipeline solution to deploy SCP and AWS Config rules.
AWS Solution Architects team has developed a significant amount of Control Tower immersion Day course and lab material which can be covered in a few days. We picked some of the exciting topics used in day-to-day AWS control tower operation and were relevant to the consulting business.
We got a high Customer Satisfaction Feedback (CSAT) score of 4.67. Based on experience and learning from AWS Solution Architects, any score of 4.5 is a great feedback score.
The cost to run 10 AWS Control lab accounts for two months was less than $20.
Close the Lab accounts as quickly as possible; the cost associated is roughly USD 3 per lab environment.
Participants were keen to hear how this might help (or not) some of the Control Tower <-> TF Cloud resource management in the landing zone.